Monday, November 25, 2019
Talk Like a Cyber Insurance Risk Analyst
In a recent class on catastrophe risk modeling, I learned the definition of terms that are common in insurance but not so well understood elsewhere:
- Peril
- Exposure
- Hazard
- Ground-up Loss
- Risk
Friday, June 14, 2019
RESET: "Data-driven Security Smashup" will launch in Fall 2019
Big change of plans for the "Data-driven Security Smashup":
We are canceling the live event in Las Vegas, August 3 - 5. Instead, we aim to launch one or more Virtual Smashup projects in the Fall of 2019, followed by one or more live events early in 2020, perhaps one in the US and one in the UK.
Why?
Basically, we ran out of time as we were trying to organize the event: sponsorship, organizer recruiting and on-boarding, Call for Participation, legal structure, venue. No fault to anyone. We started relatively late, and our standards are high. We didn't want to just throw it together and risk having things fall apart during the event.
Benefits
This new schedule gives us time to do it right, starting with the basics. For example, we will secure a "fiscal sponsorship" relationship so we have the legal, financial, and operational infrastructure to take donations, manage risk, and to spend money responsibly.
Another "basic" that needs attention is contact and relationship management for all the people who have expressed interest, asked questions, or need responses. This includes a dedicated website instead of this blog.
The new schedule gives us the lead time to recruit organizers and collaborators in academia, professional associations, industry, independent consultants, and government, both in the US and internationally (mostly UK, Europe, Switzerland).
Personally, I'm not disappointed. The core idea is solid. Lots of interest. This change makes some space for some of my other priorities (dissertation!).
Stay tuned!
Wednesday, May 15, 2019
SIRAcon: "Probabilistic models of breach impact – combining theory and empirical data"
Here are my slides from my SIRAcon talk.
Here's a slide that got a lot of attention. (Humorous, of course)
Monday, April 15, 2019
Announcing: Data-driven Security Smashup
Data-driven Security Smashup
A Hackathon + Supercollider of Talent, Ideas, & Resources
Fall 2019
Las Vegas, NV; Saturday - Monday August 3-5, 2019
[updated June 14, 2019, see "RESET..." for more info]
- Venue: rented house*, well off the Strip Working on it. Aiming for UNLV
- Timing: just before B-Sides LV/Black Hat/Defcon
- Organizers: Me, Jon Hawkes, plus 2-6 others to be named (interested? Contact me)
- On-site capacity: ~30 30 - 60
- Remote/virtual participation? Yes. Details TBD Also several Satellite locations
- Call for Participation: coming soon, mid May
- Call for Sponsorship: coming soon, mid May
- Other locations: if this first Smashup goes well, we'd like to 'step-and-repeat' it soon in the EU, UK, Switzerland, elsewhere in US, and maybe more
- Updates and news: follow @dds_smashup on Twitter
Summary
The Data-driven Security Smashup (DDS Smashup) is a combination of hackathon and ‘supercollider’ of talent, ideas, and resources, aiming for breakthrough innovations in data-driven cyber security, especially solutions to problems that span domains of people, process, technology, institutions, and culture.
Sunday, April 14, 2019
Why Is Breakthrough Innovation in Cyber Security So Hard?
Short answer: Innovation activities tend to focus on just a few pieces at a time, treating it as a simple problem. That doesn't create breakthroughs because the system* is too complicated.
* "system" = technology, information, people, processes, organizations, institutions, economics,...
In Sciences of the Artificial, Herbert Simon argued that most evolved systems (natural and artificial) were "partially decomposable" (if not fully decomposable) into units or subsystems that could be studied and understood in isolation. While cyber security is partially decomposable for many purposes, it is my conjecture that it is much less decomposable than we believe or desire.
What this means is that breakthrough innovations will depend on many, simultaneous inventions, including crossing system levels.
Sunday, March 31, 2019
A 12 Year Quest -- My Story
On a quest, through the desert. (credit: Assassin's Creed – Origins; Thick Skin Side Quest – Crocodile, Hyena, Vulture Locations)
I don't normally post personal stories on this blog (or elsewhere) but today feels like the right time for this particular personal story. I'm writing this as a way of connecting to my community, many of whom have shared the ups and downs of this journey. I don't have any big lessons or advice. Even so, some readers may find this story instructive or inspirational, even indirectly. I hope so.
Caveats: In this post, I don't individually acknowledge and thank all the people who have helped me along the way. There are so many, so I will do that separately, both in one-on-one communications and later blog posts. I'm also going to discipline myself not to write about all the details, all the events, all the feelings along the way. That would be too long. My aim is to have a post that is readable and still specific enough to be meaningful.
Even so, it's a long blog post. If this suits you, the story continues below.